Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Web Controls (http://www.velocityreviews.com/forums/f63-asp-net-web-controls.html)
-   -   asp.net ajax requires ViewStateEncryptionMode="Never" (http://www.velocityreviews.com/forums/t779803-asp-net-ajax-requires-viewstateencryptionmode-never.html)

Trapulo 04-16-2007 10:23 AM

asp.net ajax requires ViewStateEncryptionMode="Never"
 
Hello,
I've a page with a gridview and an updatepanel containing a placeholder.
When a gridview's row is selected, I load (using page.loadControls) a
different usercontrol in the placeholder based on selected row index.

Theese are my controls:
gridview
updatepanel[placeholder[userControl loaded at runtime]]

UpdatePanel has a trigger related to gridview's selectedIndexChanged event.

Some userControl I load contains an objectDataSource and a gridView to
display data related to user selection.

If I dont' set ViewStateEncryptionMode="Never", when I select a row, then an
other row, and then I select again the first, I have an error related to MAC
validation ("validation of viewstate MAC failed. If the application is
hosted by a web farm or cluster, etc. etc.").

Is there any way to solve this error without to disable viewstate
encryption?

thanks




Walter Wang [MSFT] 04-17-2007 08:11 AM

RE: asp.net ajax requires ViewStateEncryptionMode="Never"
 
Hi Trapulo,

I'm having trouble to reproduce the issue on my side. Also, you mentioned
two GridView, which one you selected will cause the exception?

For some explanation about the exception, Eilon once described some
possible cause of it (http://forums.asp.net/thread/1173230.aspx):

=============

The error that's happening (as has been mentioned earlier) is caused by an
ASP.net 2.0 feature called Event Validation. This is a security feature
that ensures that postback actions only come from events allowed and
created by the server to help prevent spoofed postbacks. This feature is
implemented by having controls register valid events when they render (as
in, during their actual Render() methods). The end result is that at the
bottom of your rendered <form> tag, you'll see something like this:

<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION"
value="AEBnx7v.........tS" />

When a postback occurs, ASP.net uses the values stored in this hidden field
to ensure that the button you clicked invokes a valid event. If it's not
valid, you get the exception that you've been seeing.

The problem you're seeing happens specifically when you postback before the
EventValidation field has been rendered. If EventValidation is enabled
(which it is, by default), but ASP.net doesn't see the hidden field when
you postback, you also get the exception. If you submit a form before it
has been entirely rendered, then chances are the EventValidation field has
not yet been rendered, and thus ASP.net cannot validate your click.

One work around is of course to just disable event validation, but you have
to be aware of the security implications. Alternatively, just never post
back before the form has finished rendering. Of course, that's hard to tell
your users, but perhaps you could disable the UI until the form has
rendered?

Unfortunately there's no "perfect" solution for this just yet.

=============


Although we're using AJAX here, there's still a normal postback on the
server-side.

Anyway, we can discuss further after you helped me to reproduce the issue
on my side.


Sincerely,
Walter Wang (wawang@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications. If you are using Outlook Express, please make sure you clear the
check box "Tools/Options/Read: Get 300 headers at a time" to see your reply
promptly.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


Trapulo 04-19-2007 08:40 AM

Re: asp.net ajax requires ViewStateEncryptionMode="Never"
 
Hi Walter,
I try to explain my page later.
I've found too the post you reported, but I think it's a different thing.
Or, better, a similar problem in a diffent way. I think that ASP.NET doesn't
validate viewstate posting data with AJAX, because some controls are
dinamically loaded into the page as ajax response.

However, I solved the problem. I don't know if its because now my
usercontrol uses a formView instead of other datacontrols, or if because I
change something else (I was working on the page with
ViewStateEncryptionMode="Never", so I did'nt made any specific test), but
now I can remove ViewStateEncryptionMode="Never" and it works.

However, I post the code of my page so you can understand my problem:


This is my first updatepanel:
<asp:UpdatePanel ID="upOptions" runat="server" EnableViewState="False"
UpdateMode="Conditional">
<ContentTemplate>

<asp:GridView ID="gwOptions" DataSourceID="ds1" runat="server"

EnableViewState="False" ShowHeader="False" SkinID="gwNoDataKeyNames"
Width="100%"

AutoGenerateColumns="False">

<Columns>

<asp:TemplateField>

<ItemTemplate>

<asp:Image ID="imgStepNotCompleted" Visible='<%# not
Cbool(Eval("Completed")) %>'

runat="server" ImageUrl="~/images/misc/homeStep.gif" />

<asp:Image ID="imgStepCompleted" Visible='<%# Cbool(Eval("Completed")) %>'
runat="server"

ImageUrl="~/images/misc/homeStep_complete.gif" />

</ItemTemplate>

<ItemStyle HorizontalAlign="Left" VerticalAlign="Middle" Width="50px" />

</asp:TemplateField>

<asp:TemplateField>

<ItemTemplate>

<asp:HyperLink ID="linkService" runat="server" Text='<%#
Eval("localizedName") %>'

NavigateUrl='<%# Eval("managementPagePath") %>'></asp:HyperLink>

</ItemTemplate>

</asp:TemplateField>

<asp:TemplateField>

<ItemTemplate>

<asp:ImageButton ID="btnSelect" runat="server" Visible='<%#
cbool(Eval("Completed")) %>'

CommandName="Select" CommandArgument='<%# eval("ServiceType") %>'
EnableViewState="False" ImageUrl="~/images/misc/homeStep_preview.gif" />

</ItemTemplate>

<ItemStyle HorizontalAlign="Right" VerticalAlign="Middle" Width="50px" />

</asp:TemplateField>

</Columns>

</asp:GridView>

</ContentTemplate>

</asp:UpdatePanel>

And this is the second updatePanel:
<asp:UpdatePanel ID="upPreview" runat="server" UpdateMode="Conditional">

<ContentTemplate>

<asp:Panel ID="panelPreview" runat="server" Visible="false">

<div class="webPartPanelTitle3" style="">

<asp:Label ID="lblPreviewTitle" runat="server"
meta:resourcekey="lblPreviewTitle"

EnableViewState="false">Anteprima</asp:Label>

</div>

<div class="webPartPanel3" style="padding-top: 10px; padding-left: 5px;
padding-bottom: 10px;

padding-right: 5px;">

<asp:PlaceHolder ID="phPreview" runat="server"
EnableViewState="False"></asp:PlaceHolder>

</div>

</asp:Panel>

</ContentTemplate>

<Triggers>

<asp:AsyncPostBackTrigger ControlID="gwOptions"
EventName="SelectedIndexChanged" />

</Triggers>

</asp:UpdatePanel>


Then, in codebehind, I make this dynamic load:
Protected Sub gwOptions_RowCommand(ByVal sender As Object, ByVal e As
System.Web.UI.WebControls.GridViewCommandEventArgs ) Handles
gwOptions.RowCommand

Select Case e.CommandName

Case "Select"


Me.phPreview.Controls.Clear()

Select Case CType([Enum].Parse(GetType(ServiceTypes), e.CommandArgument),
ServiceTypes)

Case mainCard

Me.phPreview.Controls.Add(Me.LoadControl("~/Controls/Previews/ctlPreviewMainCard.ascx"))

Case secondaryCards

Me.phPreview.Controls.Add(Me.LoadControl("~/Controls/Previews/ctlPreviewSecondaryCards.ascx"))

Case passes

Me.phPreview.Controls.Add(Me.LoadControl("~/Controls/Previews/ctlPreviewPasses.ascx"))

[etc....]

End Select

End Select


The ctlPreviewMainCard.ascx control now contains a formView .
<asp:FormView ID="fvItem" runat="server" EnableViewState="false"
DataKeyNames="ID" DataSourceID="dataSourceMainCard">

<ItemTemplate>

etc..

If also contains an objectDataSource that retrieve data in a vary simple
way:
<asp:ObjectDataSource ID="dataSourceMainCard" runat="server"
EnableViewState="False"

OldValuesParameterFormatString="original_{0}" SelectMethod="GetCards"

TypeName="DataSources.Cards">

<SelectParameters>

<asp:Parameter DefaultValue="1" Name="type" Type="Object" />

</SelectParameters>

</asp:ObjectDataSource>


That's all

Thanks


"Walter Wang [MSFT]" <wawang@online.microsoft.com> wrote in message
news:ij2cTgMgHHA.6068@TK2MSFTNGHUB02.phx.gbl...
> Hi Trapulo,
>
> I'm having trouble to reproduce the issue on my side. Also, you mentioned
> two GridView, which one you selected will cause the exception?
>
> For some explanation about the exception, Eilon once described some
> possible cause of it (http://forums.asp.net/thread/1173230.aspx):
>
> =============
>
> The error that's happening (as has been mentioned earlier) is caused by an
> ASP.net 2.0 feature called Event Validation. This is a security feature
> that ensures that postback actions only come from events allowed and
> created by the server to help prevent spoofed postbacks. This feature is
> implemented by having controls register valid events when they render (as
> in, during their actual Render() methods). The end result is that at the
> bottom of your rendered <form> tag, you'll see something like this:
>
> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION"
> value="AEBnx7v.........tS" />
>
> When a postback occurs, ASP.net uses the values stored in this hidden
> field
> to ensure that the button you clicked invokes a valid event. If it's not
> valid, you get the exception that you've been seeing.
>
> The problem you're seeing happens specifically when you postback before
> the
> EventValidation field has been rendered. If EventValidation is enabled
> (which it is, by default), but ASP.net doesn't see the hidden field when
> you postback, you also get the exception. If you submit a form before it
> has been entirely rendered, then chances are the EventValidation field has
> not yet been rendered, and thus ASP.net cannot validate your click.
>
> One work around is of course to just disable event validation, but you
> have
> to be aware of the security implications. Alternatively, just never post
> back before the form has finished rendering. Of course, that's hard to
> tell
> your users, but perhaps you could disable the UI until the form has
> rendered?
>
> Unfortunately there's no "perfect" solution for this just yet.
>
> =============
>
>
> Although we're using AJAX here, there's still a normal postback on the
> server-side.
>
> Anyway, we can discuss further after you helped me to reproduce the issue
> on my side.
>
>
> Sincerely,
> Walter Wang (wawang@online.microsoft.com, remove 'online.')
> Microsoft Online Community Support
>
> ==================================================
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/subscripti...ult.aspx#notif
> ications. If you are using Outlook Express, please make sure you clear the
> check box "Tools/Options/Read: Get 300 headers at a time" to see your
> reply
> promptly.
>
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://msdn.microsoft.com/subscripti...t/default.aspx.
> ==================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>




Walter Wang [MSFT] 04-20-2007 09:16 AM

Re: asp.net ajax requires ViewStateEncryptionMode="Never"
 
Hi Trapulo,

Thanks for your update.

I'm still having trouble to reproduce the issue on my side. Anyway, since
you mentioned that the issue is now "fixed" by using a FormView, let me
know if you still want to continue finding the root cause.


Regards,
Walter Wang (wawang@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


Trapulo 04-20-2007 10:54 AM

Re: asp.net ajax requires ViewStateEncryptionMode="Never"
 
I think we can stop here, thank you.

"Walter Wang [MSFT]" <wawang@online.microsoft.com> wrote in message
news:b5GBnyygHHA.6068@TK2MSFTNGHUB02.phx.gbl...
> Hi Trapulo,
>
> Thanks for your update.
>
> I'm still having trouble to reproduce the issue on my side. Anyway, since
> you mentioned that the issue is now "fixed" by using a FormView, let me
> know if you still want to continue finding the root cause.
>
>
> Regards,
> Walter Wang (wawang@online.microsoft.com, remove 'online.')
> Microsoft Online Community Support
>
> ==================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ==================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>





All times are GMT. The time now is 02:20 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.